Overview

overview

10

Static

static

new.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    new.exe

  • Size

    9.8MB

  • Sample

    220403-zjq2tsdcc3

  • MD5

    c3a63ac2c01030ba802ad4e77b1e63fd

  • SHA1

    684f76b5a78bfb49f5a5773e6ce813d044771be8

  • SHA256

    e20343610f4cb0e01439f4363b9d2292c4292a3287353f6493eb0e75bc48aa28

  • SHA512

    072f92b1dcf259e8893149a9bebbf28aa4c89188150f3f2f1d14a3146143aa3a5c76541bccb5df212c2f50f30d98f3d575128c4a9b2a65f7750644fb68e2ebb9

Score
10/10
wannacrydiscoveryevasionransomwareupxworm

Malware Config

Targets

    • Target

      new.exe

    • Size

      9.8MB

    • MD5

      c3a63ac2c01030ba802ad4e77b1e63fd

    • SHA1

      684f76b5a78bfb49f5a5773e6ce813d044771be8

    • SHA256

      e20343610f4cb0e01439f4363b9d2292c4292a3287353f6493eb0e75bc48aa28

    • SHA512

      072f92b1dcf259e8893149a9bebbf28aa4c89188150f3f2f1d14a3146143aa3a5c76541bccb5df212c2f50f30d98f3d575128c4a9b2a65f7750644fb68e2ebb9

    Score
    10/10
    wannacrydiscoveryevasionransomwareupxworm

    • Wannacry

      WannaCry is a ransomware cryptoworm.

      ransomwarewormwannacry

    • Executes dropped EXE

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Stops running service(s)

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Modifies file permissions

      discovery
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks